Raspi Course

Setting Up SSH Key Authentication for Raspberry Pi with a Custom Key

Once you've got your os installed and you can login with ssh, you'll want to setup an ssh key to make it easier to login.

1. Generate SSH Key Pair

step 1:

On your computer (no the raspberry pi) generate a dedicated public-private SSH key pair for your Raspberry Pi:

ssh-keygen -t rsa -b 4096 -C "raspberrypi@example.com" -f ~/.ssh/id_rsa_raspberrypi
ssh-keygen -t rsa -b 4096 -C "raspberrypi@example.com" -f ~/.ssh/id_rsa_raspberrypi
ssh-keygen -t rsa -b 4096 -C "raspberrypi@example.com" -f ~/.ssh/id_rsa_raspberrypi
ssh-keygen -t rsa -b 4096 -C "raspberrypi@example.com" -f ~/.ssh/id_rsa_raspberrypi
  • ssh-keygen: Command to generate SSH key pairs.
  • -t rsa: Specifies RSA, a robust key type.
  • -b 4096: Uses a 4096-bit key for enhanced security.
  • -C: Adds a comment to the key for identification. Replace this with your email.
  • -f: Directs where to save the new key, here named id_rsa_raspberrypi.

2. Copy the Public Key to Raspberry Pi

step 2:

Run this from you computer to transfer the newly created public key to your Raspberry Pi.

ssh-copy-id -i ~/.ssh/id_rsa_raspberrypi.pub pi@raspberrypi.local
ssh-copy-id -i ~/.ssh/id_rsa_raspberrypi.pub pi@raspberrypi.local
ssh-copy-id -i ~/.ssh/id_rsa_raspberrypi.pub pi@raspberrypi.local
ssh-copy-id -i ~/.ssh/id_rsa_raspberrypi.pub pi@raspberrypi.local

Your personal computer has the private key and the pi just has the public key. The private key is the only thing that will be able to conect to the pi.

  • ssh-copy-id: Simplifies the process of adding your SSH key to the Raspberry Pi.
  • -i: Specifies the SSH key to copy.
  • pi@raspberrypi.local: Replace with the Raspberry Pi's actual username and IP address or hostname.

3. Log In Using SSH Key

step 3:

Connect to your Raspberry Pi using the new SSH key

ssh -i ~/.ssh/id_rsa_raspberrypi pi@raspberrypi.local
ssh -i ~/.ssh/id_rsa_raspberrypi pi@raspberrypi.local
ssh -i ~/.ssh/id_rsa_raspberrypi pi@raspberrypi.local
ssh -i ~/.ssh/id_rsa_raspberrypi pi@raspberrypi.local

4. (Optional) Add SSH Config

The current setup requires us to specify the key every time we want to connect to the pi using the -i ~/.ssh/id_rsa_raspberrypi argument. If you don't want to have to do that, you can add the file to your ssh config.

step 3:

On your personal computer, add the following code to ~/.ssh/config

Host raspberrypi
    HostName raspberrypi.local
    User pi
    IdentityFile ~/.ssh/id_rsa_raspberrypi
Host raspberrypi
    HostName raspberrypi.local
    User pi
    IdentityFile ~/.ssh/id_rsa_raspberrypi
Host raspberrypi
    HostName raspberrypi.local
    User pi
    IdentityFile ~/.ssh/id_rsa_raspberrypi
Host raspberrypi
    HostName raspberrypi.local
    User pi
    IdentityFile ~/.ssh/id_rsa_raspberrypi

Now you can ssh onto the pi using ssh raspberrypi which is a little easier to type and you don't need your password.

5. (Optional) Disable Password Authentication

To further secure your Raspberry Pi, consider disabling password-based authentication, ensuring all connections are made using SSH keys only.

sudo nano /etc/ssh/sshd_config
sudo nano /etc/ssh/sshd_config
sudo nano /etc/ssh/sshd_config
sudo nano /etc/ssh/sshd_config
  • Open the SSH configuration file and modify the line containing PasswordAuthentication yes to PasswordAuthentication no.
  • Save and exit the editor.

Then, restart the SSH service:

sudo systemctl restart ssh
sudo systemctl restart ssh
sudo systemctl restart ssh
sudo systemctl restart ssh
  • This command refreshes the SSH service to apply your new settings.

Using a custom key for each device like id_rsa_raspberrypi specifically for your Raspberry Pi enhances security by isolating access credentials. This approach is particularly beneficial if you manage multiple devices or need to maintain clear security boundaries between projects or environments.